Friday, October 31, 2008

Here is a fascinating article that I meant to post when I started this site, but it slipped my mind. Read it and notice the similarities between open source crusaders and, uh, less savory characters. It talks about the steps that you should take in order to easily comply with the GPL without bringing down the fosstard wrath upon your company. For those of you who are too lazy to read the article, here is the meat.

... but getting sued is not the real problem. The real problem is when a posting about misappropriation of GPL software shows up on Slashdot and LWN. The real problem is when every public-facing phone number and email address for your company becomes swamped by legions of Linux fans demanding to know when you will provide the source code. The real problem persists for years after the event, when Google searches for the name of your products turn up links about GPL violations coupled with ill-informed but damaging rants.

So we want to avoid that outcome. If you read the legal complaints filed by the Software Freedom Law Center, they follow a similar pattern:

Someone discovers a product which incorporates GPL code such as busybox, but cannot find the source code on the company web site (probably because the company hasn't posted it).

This person sends a request for the source code to an address they find on that website, possibly support@mycompany.com.

This request is completely ignored or receives an unsatisfactory response.

The person contacts SFLC, who sends a letter to the legal department of the infringing company demanding compliance with the license and that steps be taken to ensure no future infringements take place.

SFLC also demands compensation for their legal expenses; thats how they fund their operation.

The corporate legal team, misreading the complaint as a shakedown attempt, stonewalls the whole thing or offers some steps but refuses to pay legal costs.

Lawsuit is filed, and the PR nightmare begins in earnest.

Now, IANAL, but I cannot imagine why a company would interpret this earnest plea for sourcecode and money as a shakedown attempt! Wait, maybe I can guess. Is it because it sounds EXACTLY THE SAME AS A SHAKEDOWN ATTEMPT!!! Now, I have no experience in the mau-mauing . . . er legal business, but if your ultimate goal is to promote FLOSS, then maybe you need a better business model. How expensive can it be to draft a legal form letter or letters and mail it off to companies' legal departments? SFLC, if you need money, tell rms to stop being a cheapskate and provide you with it. You could also ask major open source companies (IBM, Red Hat, etc.) for material aid. Demanding $Megabucks from companies to pay for your printing costs is not doing the community's image any favors. However, the best quote is at the end.

In practice the advertising clause (LHR NOTE: He is talking about 4-clause BSD) results in a long appendix in the product documentation listing all of the various contributors. Honestly nobody will ever read that appendix, but nonetheless it is worth putting together. You can also include a notice that the GPL code is available for download from the following URL... so if despite your best efforts the company does get sued, you'll have something concrete to point to in defense.

So your company might face a damaging lawsuit and a PR shitstorm because Freddy Freetard did not RTFM. Wow, just wow! To all companies out there considering using FLOSS, you may want to look at alternatives. There are very good quality proprietary systems out there, like QNX. If you need a decent, gratis (i.e. zero cost) operating system, you might want to look at the *BSDs. "Free Software" is more trouble than its worth.

Hmm. Lets talk shake down shall we? go here -- http://www.google.com/search?hl=en&q=software+piracy&btnG=Search. Top of the google search, what do you see? $1m reward offers for turning people in by the BSA, SIIA, and Microsoft. So orgs like the BSA are offering bounties for snitches.

Now I don't support piracy, Microsoft made the product they deserve to get paid for it. But the enforcement approach starts to look shaky and consistent with a shakedown in its own right.

Now compare that with the SFLC, http://www.google.com/search?hl=en&q=software+licensing+sflc&btnG=Search Typically the resolution of the situation does not end in big buckets of money.

The primary issue rests with the legal eagles. If a company is so stupid, like Verizon was, not to provide attribution to FOSS tools used then who is to blame? The same stupidity would apply to companies not purchasing the requisite number of licenses of proprietary software.

Visibility? Its the same in either case. FOSS, you get pulled through the court of public opinion mostly. For proprietary software you get hauled into public court which is then reported by every IT news source on the planet. Pick your poison but the result is the same -- everyone is aware of it.